1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
#!/bin/bash
# Post-installation script (run on USER'S system after installing the
# main rEFInd package)
set -e
if [ -f /usr/share/debconf/confmodule ] ; then
. /usr/share/debconf/confmodule
fi
install_to_esp() {
BootCurrent=$(efibootmgr | grep BootCurrent | cut -d " " -f 2)
# BootShimFile will hold the Shim/PreLoader filename *IF* it was used for
# the current boot; it will be null otherwise
BootShimFile=$(efibootmgr -v | grep Boot$BootCurrent | cut -f 2- -d '\' | cut -f 1 -d ')' | grep -i 'shim\|preloader' || true)
cd /usr/share/refind
if [[ -f /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c ]] ; then
IsSecureBoot=$(od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c | awk '{print substr($0,length,1)}')
elif [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
IsSecureBoot=$(od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[:space:]')
fi
# Note: Two find operations for ShimFile favors shim over PreLoader -- if both are
# present, the script uses shim rather than PreLoader.
declare ShimFile=`find /boot -name shim\.efi -o -name shimx64\.efi -o -name PreLoader\.efi 2> /dev/null | head -n 1`
if [[ ! -n $ShimFile ]] ; then
declare ShimFile=`find /boot -name PreLoader\.efi 2> /dev/null | head -n 1`
fi
declare SBSign=`which sbsign 2> /dev/null`
declare OpenSSL=`which openssl 2> /dev/null`
# Run the rEFInd installation script. Do so with the --shim option if
# Secure Boot mode is suspected, if a shim program can be found, and if
# Shim was used for the current boot; or without it if not. If a shim
# installation is attempted and the sbsign and openssl programs can be
# found, do the install using a local signing key. Note that this option
# is undesirable for a distribution, since it would then require the user
# to enroll an extra MOK. I'm including it here because I'm NOT a
# distribution maintainer, and I want to encourage users to use their own
# local keys.
if [[ $IsSecureBoot == "1" && -n $ShimFile && -n "$BootShimFile" ]] ; then
if [[ -n $SBSign && -n $OpenSSL ]] ; then
./refind-install --shim $ShimFile --localkeys --yes > /dev/null
else
./refind-install --shim $ShimFile --yes > /dev/null
fi
else
if [[ -n $SBSign && -n $OpenSSL ]] ; then
./refind-install --localkeys --yes > /dev/null
else
./refind-install --yes > /dev/null
fi
fi
} # install_to_esp()
#
# Main part of script begins
#
case "$1" in
configure)
db_get refind/install_to_esp || true;
if [ x"$RET" = x"true" ]; then
echo "Installing rEFInd to the ESP..."
install_to_esp
else
echo "** Not installing rEFInd to the ESP! **"
echo "If you want rEFInd to control the boot process, you can do so by runing:"
echo ""
echo "dpkg-reconfigure refind"
echo ""
fi
;;
reconfigure)
db_get refind/install_to_esp || true;
if [ x"$RET" = x"true" ]; then
echo "Installing rEFInd to the ESP..."
install_to_esp
else
echo "If rEFInd was previously configured to be your primary boot manager, you must"
echo "use efibootmgr to set the computer to boot with something else."
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
exit 0
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 0
;;
esac
#DEBHELPER#
|
